SSH Restricted Shell Escaping Command Execution Vulnerability

Source: SecurityFocus.

SSH (and its derivatives) is an implementation of the Secure Shell
protocol. It is available for various operating systems, although
this vulnerability affects operating systems such as Unix and Linux.

A problem with the package could make it possible for remote users to
execute unauthorized programs. The problem is in the handling of command
line execution.

Most versions of SSH permit the remote execution of commands by
supplying the command name wrapped in single quotes. This can allow
remote users to execute commands without logging directly into a shell on
the system.

It has been reported that it is possible for a remote user to upload files
to world-writeable directories and to execute commands from those
directories. In doing so, a user may be able to upload a script and
execute it to gain access to a regular shell on the system. This
would allow the user unrestricted but unprivileged access.

SecurityFocus staff have been unable to reproduce this vulnerability with
OpenSSH version 3.1p1.
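
One way to close off the remote-command path described above on a current OpenSSH server, as an added example that is not part of the original advisory: a forced-command gate that only runs exact, allowlisted command lines. It relies on sshd's ForceCommand directive and the SSH_ORIGINAL_COMMAND variable; the script path, group name, --enforce argument, allowlist and directory patterns are constructed for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate for restricted SSH accounts.
# Assumed sshd_config (hypothetical group and path):
#   Match Group restricted
#       ForceCommand /usr/local/sbin/ssh-gate --enforce
# sshd runs this script in place of the client-supplied command and
# exposes the client's request in SSH_ORIGINAL_COMMAND.

# Constructed allowlist: the exact command lines this account may run.
ALLOWED_COMMANDS='uptime
df -h'

# Print "allow" or "deny:<reason>" for one requested command line.
gate_decision() {
    req=$1
    # An empty request means the client asked for an interactive login.
    if [ -z "$req" ]; then echo "deny:interactive"; return 0; fi
    # Label requests that touch commonly world-writable directories
    # (constructed list) so the pattern from the advisory stands out in logs.
    case $req in
        */tmp/*|*/dev/shm/*) echo "deny:world-writable-path"; return 0 ;;
    esac
    # Whole-string comparison: anything appended to or wrapped around an
    # allowed command fails the match, as does any request with a newline.
    while IFS= read -r line; do
        if [ "$line" = "$req" ]; then echo "allow"; return 0; fi
    done <<EOF
$ALLOWED_COMMANDS
EOF
    echo "deny:not-allowlisted"
}

# Enforcement path, taken only when sshd invokes the script as configured.
if [ "${1:-}" = "--enforce" ]; then
    verdict=$(gate_decision "${SSH_ORIGINAL_COMMAND:-}")
    logger -t ssh-gate "user=$(id -un) verdict=$verdict"
    [ "$verdict" = "allow" ] || exit 1
    # Safe to hand to the shell: the string equals an administrator-written line.
    exec /bin/sh -c "$SSH_ORIGINAL_COMMAND"
fi
```

The allowlist is the control; the world-writable-path label only makes denied requests easier to triage in the log.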